From: Alexandre Fedotov
Date: Fri, 27 Apr 2007 20:08:21 +0400
To: freebsd-questions@freebsd.org
Subject: Bandwith limitations, NAT and transparent proxy

Hello, freebsd-questions.

You need to add queues and forward all your inside subnets to those
queues, something like this:

${fwcmd} pipe 1 config bw 128Kbit/s queue 20Kbytes
${fwcmd} queue 1 config pipe 1 weight 50 queue 20 mask dst-ip 0xffffffff
${fwcmd} queue 2 config pipe 1 weight 50 queue 20 mask src-ip 0xffffffff
${fwcmd} add 40000 queue 1 ip from any to 192.168.1.128/25 via em0
${fwcmd} add 40001 queue 2 ip from 192.168.1.128/25 to any via em0

> Hi!
>
> I have FreeBSD 4.8 installed.
> There is IPFIREWALL, IPFIREWALL_FORWARD, IPDIVERT and DUMMYNET in my
> kernel configuration.
> On my FBSD gateway to the Internet I would like to use NAT (of course
> :-))) ), transparent proxy and limit the outgoing traffic.
> xl0 (62.169.170.166/30) is the public interface, xl1 (192.168.1.1/24) is
> the private one.
>
> If my firewall rules look like:
> ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
> ipfw add 47 pipe 1 ip from any to any out via xl0
> ipfw add 48 allow ip from 192.168.1.1 to any
> ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
> ipfw add 50 divert 8668 ip from any to any via xl0
> ... (the rest of OPEN firewall rules)
> nothing except http (because of transparent proxy, I think) goes through
> the gateway from the local net.
>
> If my firewall rules look like:
> ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
> ipfw add 47 pipe 1 ip from 62.169.170.166 to any out via xl0
> ipfw add 48 allow ip from 192.168.1.1 to any
> ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
> ipfw add 50 divert 8668 ip from any to any via xl0
> ... (the rest of OPEN firewall rules)
> everything works fine except the bandwidth limitation.
>
> Do you have any ideas, how to get these three things (bandwidth
> limitation, nat, transparent proxy) work together?
>
> Thanks a lot in advance.
>
> GIGI

--
Best regards,
Alexandre Fedotov
Management Training Center
www.mtcenter.ru
mailto:alex@mtcenter.ru
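
Added example, not part of the original messages: a simplified Python model of ipfw first-match traversal for a forwarded LAN packet on its outbound pass through xl0, showing how the position of the pipe rule relative to the divert rule plays out for the two quoted rulesets. It assumes net.inet.ip.fw.one_pass=1 and that natd rewrites the source to the public address; rule number 51 and host 192.168.1.10 are constructed for the illustration.

```python
# Simplified model of ipfw rule traversal (added example, not ipfw itself).
# Assumptions: with net.inet.ip.fw.one_pass=1 a packet leaving a dummynet
# pipe is not examined by later rules; natd rewrites the private source to
# the public address and processing resumes at the rule after the divert.
PUBLIC = "62.169.170.166"
LAN_HOST = "192.168.1.10"  # constructed sample host behind xl1


def from_any(pkt):
    return True


def from_public(pkt):
    return pkt["src"] == PUBLIC


# (rule number, action, source match). Rules 48 and 49 from the post are left
# out: they do not match a non-HTTP packet from LAN_HOST going out via xl0.
FIRST = [(47, "pipe", from_any), (50, "divert", from_any)]
SECOND = [(47, "pipe", from_public), (50, "divert", from_any)]
# Constructed variant: the same pipe rule placed after the divert rule.
REORDERED = [(50, "divert", from_any), (51, "pipe", from_any)]


def traverse(rules, src, one_pass=True):
    """Walk the rules in number order for one outbound packet on xl0."""
    pkt = {"src": src}
    shaped = False
    for _num, action, match in sorted(rules, key=lambda r: r[0]):
        if not match(pkt):
            continue
        if action == "divert":
            pkt["src"] = PUBLIC      # natd translates the source address
        elif action == "pipe":
            shaped = True            # packet is queued in the dummynet pipe
            if one_pass:
                break                # it leaves without seeing later rules
    return {"src_on_wire": pkt["src"], "shaped": shaped}


if __name__ == "__main__":
    for name, rules in (("first", FIRST), ("second", SECOND),
                        ("reordered", REORDERED)):
        print(name, traverse(rules, LAN_HOST))
    print("first, one_pass=0", traverse(FIRST, LAN_HOST, one_pass=False))
```

In this model the first ruleset shapes the packet but sends it with its private source address, the second translates it but never matches the pipe rule, and only the reordered variant (or the first ruleset with one_pass disabled) does both.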